FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pycrypto -- ARC2 module buffer overflow

Affected packages
py-pycrypto < 2.0.1_2

Details

VuXML ID 5a021595-fba9-11dd-86f3-0030843d3802
Discovery 2009-02-06
Entry 2009-02-15

Dwayne C. Litzenberger reports:

pycrypto is exposed to a buffer overflow issue because it fails to adequately verify user-supplied input. This issue resides in the ARC2 module. This issue can be triggered with specially crafted ARC2 keys in excess of 128 bytes.

[source]

References

URL http://lists.dlitz.net/pipermail/pycrypto/2009q1/000062.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.